mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-19 14:09:40 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,22 @@
|
||||
# Standards Reference: Android Intent Vulnerabilities
|
||||
|
||||
## OWASP Mobile Top 10 2024
|
||||
| ID | Risk | Intent Relevance |
|
||||
|----|------|-----------------|
|
||||
| M4 | Insufficient Input/Output Validation | Intent parameter injection |
|
||||
| M8 | Security Misconfiguration | Exported components without permission guards |
|
||||
|
||||
## OWASP MASVS v2.0 - MASVS-PLATFORM
|
||||
| Control | Test |
|
||||
|---------|------|
|
||||
| MASVS-PLATFORM-1 | Verify exported components require appropriate permissions |
|
||||
| MASVS-PLATFORM-2 | Verify intent data is validated before processing |
|
||||
|
||||
## CWE Mappings
|
||||
| CWE | Title | Vector |
|
||||
|-----|-------|--------|
|
||||
| CWE-926 | Improper Export of Android Application Components | Exported without permission |
|
||||
| CWE-927 | Use of Implicit Intent for Sensitive Communication | Sensitive data in implicit intents |
|
||||
| CWE-925 | Improper Verification of Intent by Broadcast Receiver | Missing sender verification |
|
||||
| CWE-89 | SQL Injection | Content provider query injection |
|
||||
| CWE-22 | Path Traversal | Content provider path traversal |
|
||||
@@ -0,0 +1,17 @@
|
||||
# Workflows: Android Intent Vulnerability Testing
|
||||
|
||||
## Workflow 1: IPC Security Assessment
|
||||
```
|
||||
[Decompile APK] --> [Parse AndroidManifest] --> [Enumerate exported components]
|
||||
|
|
||||
+------------------+------------------+
|
||||
| | | |
|
||||
[Activities] [Services] [Receivers] [Providers]
|
||||
[Direct launch] [Bind/Start] [Trigger] [Query/Inject]
|
||||
[Auth bypass?] [Data exfil?] [Sniff?] [SQLi? Traversal?]
|
||||
| | | |
|
||||
+------------------+------------------+
|
||||
|
|
||||
[PendingIntent audit]
|
||||
[Report findings]
|
||||
```
|
||||
Reference in New Issue
Block a user